Real Is The Struggle

Kippo Kali Pi

A How-To Guide on Setting Up a Kippo SSH Honeypot Using Kali Linux and a Raspberry Pi 2

Disclaimer: Continue at your own risk. This is just a guide. Please do your own research.

I have been interested in the Raspberry Pi because of the performance/cost ratio, large user base, and general ease of use. I had a Raspberry Pi 2 lying around that I had installed RetroPie on. I was starting to play around with Hydra and brute-forcing FTP and SSH in my home lab, and I wanted to expand my username/password list for future scans. I found some password lists online, such as The Top 500 Worst Passwords of All Time. What better than real-world examples for a username and password list?

I started doing some research and found some other how-to guides for Raspberry Pi and Kippo, but most were outdated and I couldn’t find anything recent. To prevent your real struggle with this installation, I thought I would document my steps for you, internet stranger. May your struggle be less real than mine was.

In this guide, we will set up Kali 2 on a Raspberry Pi 2 and install the Kippo SSH honeypot and the Kippo-graph web server.

3. Use Win32DiskImager to write the image to disk on Windows or use the dd command on Mac.

Pro Tip: Don’t accidentally format the wrong drive.

diskutil list

diskutil unmountDisk /dev/disk2

sudo dd if=kali-2.1-rpi2.img of=/dev/disk2 bs=512k
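A guard for the Pro Tip in step 3, as an added example that is not part of the original guide: it reads `diskutil info` text and only approves a whole, removable disk below a size limit as a dd target. The function names, the 32 GiB limit, the /dev/disk2 path and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decide whether a device is safe to hand to dd as of=.
# Field names follow macOS `diskutil info` output (assumption: check them
# against what your macOS version prints).

# field NAME: print the value of the first "NAME: value" line on stdin.
field() {
    sed -n "s/^ *$1: *//p" | head -n 1
}

# safe_dd_target INFO_TEXT MAX_BYTES
# Returns 0 only for a whole, removable disk no larger than MAX_BYTES.
safe_dd_target() {
    info=$1
    max=$2
    whole=$(printf '%s\n' "$info" | field 'Whole')
    removable=$(printf '%s\n' "$info" | field 'Removable Media')
    bytes=$(printf '%s\n' "$info" | field 'Disk Size' |
        sed -n 's/.*(\([0-9][0-9]*\) Bytes).*/\1/p')

    if [ "$whole" != "Yes" ]; then
        echo "refusing: not a whole disk (partition slice?)" >&2; return 1
    fi
    case $removable in
        Removable|Yes) ;;
        *) echo "refusing: not removable media" >&2; return 1 ;;
    esac
    if [ -z "$bytes" ] || [ "$bytes" -gt "$max" ]; then
        echo "refusing: size unknown or larger than the SD card" >&2; return 1
    fi
}

# Constructed sample output (not captured from a real machine).
SAMPLE_SD_CARD='   Device Identifier:         disk2
   Whole:                     Yes
   Part of Whole:             disk2
   Disk Size:                 15.9 GB (15931539456 Bytes)
   Removable Media:           Removable'
SAMPLE_SLICE='   Device Identifier:         disk2s1
   Whole:                     No
   Part of Whole:             disk2
   Disk Size:                 62.9 MB (62914560 Bytes)
   Removable Media:           Removable'
SAMPLE_SYSTEM_DISK='   Device Identifier:         disk0
   Whole:                     Yes
   Disk Size:                 500.3 GB (500277790720 Bytes)
   Removable Media:           Fixed'

# On the Mac: safe_dd_target "$(diskutil info /dev/disk2)" 34359738368 && echo ok
```

Run the check immediately before dd, since disk numbers can change when cards are reinserted.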

4. Insert the SD card into your Pi and power it on. Default credentials are root/toor.

5. Change the root password using the passwd command.

6. Install some of the prerequisites:

sudo apt-get install python-mysqldb apache2

6. We have to install an older version of Python Twisted manually because of issues with the current version of Twisted and Kippo. I can’t recall the error at the moment, but I’ll see if I can find it in the logs later.